Skip to main content

💼 SA-10 DEVELOPER CONFIGURATION MANAGEMENT

  • ID: /frameworks/nist-sp-800-53-r4/sa/10

Description​

The organization requires the developer of the information system, system component, or information system service to: SA-10a. Perform configuration management during system, component, or service [Selection (one or more): design; development; implementation; operation]; SA-10b. Document, manage, and control the integrity of changes to [Assignment: organization-defined configuration items under configuration management]; SA-10c. Implement only organization-approved changes to the system, component, or service; SA-10d. Document approved changes to the system, component, or service and the potential security impacts of such changes; and SA-10e. Track security flaws and flaw resolution within the system, component, or service and report findings to [Assignment: organization-defined personnel].

Similar​

  • Internal
    • ID: dec-c-aa4bca84

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 PR.DS-8: Integrity checking mechanisms are used to verify hardware integrityno data
💼 NIST CSF v1.1 → 💼 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)426no data
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented69no data
💼 NIST CSF v1.1 → 💼 PR.IP-3: Configuration change control processes are in place55no data

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 SA-10 (1) SOFTWARE _ FIRMWARE INTEGRITY VERIFICATIONno data
💼 SA-10 (2) ALTERNATIVE CONFIGURATION MANAGEMENT PROCESSESno data
💼 SA-10 (3) HARDWARE INTEGRITY VERIFICATIONno data
💼 SA-10 (4) TRUSTED GENERATIONno data
💼 SA-10 (5) MAPPING INTEGRITY FOR VERSION CONTROLno data
💼 SA-10 (6) TRUSTED DISTRIBUTIONno data